Type: Whistleblower submission platform
Access: Tor Browser required
Account required: No — codename system
Clearnet version: securedrop.org (documentation only)
Maintained by: Freedom of the Press Foundation
Used by: 70+ news organizations worldwide
Last verified: March 2026
What Is SecureDrop?
SecureDrop is an open-source whistleblower submission platform that lets sources share documents and communicate with journalists anonymously over the Tor network. It was developed by the Freedom of the Press Foundation and is used by over 70 major news organizations — including The New York Times, The Guardian, The Washington Post, ProPublica and The Intercept.
It is the most widely trusted tool for anonymous source-journalist communication in existence. Every organization that runs SecureDrop operates its own independent instance — there is no central server and no single point of failure or compromise. A source submitting to The Guardian’s SecureDrop is connecting to a server operated by The Guardian, not a shared platform.
SecureDrop Directory Onion Address
Important: The address above is the SecureDrop directory — a list of all news organizations running SecureDrop instances. Each organization has its own unique .onion address. To submit documents to a specific newsroom, navigate to the directory and find that organization’s specific address.
Clearnet directory: securedrop.org/directory — lists all participating organizations with their .onion addresses.
How SecureDrop Works
For Sources
The process is designed to be as simple as possible while maintaining maximum security:
- Open Tor Browser and navigate to the SecureDrop directory
- Find the news organization you want to contact and click their unique .onion address
- Follow the instructions on the organization’s SecureDrop page
- Upload documents or write a message — no account or email required
- Receive a randomly generated codename — write it down, do not store it digitally
- Use the codename to log back in later and read responses from the journalist
The codename is your only way to access the two-way communication channel. If you lose it, you cannot retrieve it — there is no account recovery because there is no account.
For Journalists
Journalists access SecureDrop submissions through a separate, air-gapped system — a computer with no internet connection that is used only for reading SecureDrop messages and handling submitted documents. This isolation prevents malware in submitted files from communicating with external servers.
What SecureDrop Protects Against
| Threat | Protected? | How |
|---|---|---|
| IP address exposure | ✅ Yes | All traffic routed through Tor |
| ISP monitoring | ✅ Yes | ISP sees Tor traffic, not SecureDrop |
| Newsroom server compromise | ✅ Partial | Air-gapped journalist workstation |
| Identity via account data | ✅ Yes | No accounts — codename only |
| File metadata | ❌ No | Must be stripped manually before upload |
| Content of documents | ❌ No | Documents themselves may identify source |
| Physical surveillance | ❌ No | SecureDrop is a digital tool only |
Critical: Strip Metadata Before Uploading
SecureDrop protects your network identity. It does not protect against metadata embedded in the files you submit. A Word document created on your work computer contains your name, your organization’s name, editing timestamps and potentially the file path from your machine. A photo taken on your phone contains GPS coordinates, device model and timestamp.
Before uploading any file to SecureDrop, strip its metadata completely using one of these tools:
- MAT2 — Built into Tails OS. Command line:
mat2 filename.pdf - ExifTool — Available for Windows, Mac and Linux. Command:
exiftool -all= filename - Tails OS — Right-click any file and select “Remove metadata” using the built-in MAT2 integration
After stripping metadata, verify the output file with ExifTool before uploading: exiftool filename-cleaned.pdf. If the output shows no identifying fields, the file is clean.
News Organizations Using SecureDrop
| Organization | Focus | SecureDrop Since |
|---|---|---|
| The New York Times | General news, investigations | 2013 |
| The Guardian | Investigations, surveillance | 2014 |
| The Washington Post | Government, politics | 2013 |
| ProPublica | Corporate accountability | 2013 |
| The Intercept | National security, surveillance | 2014 |
| BBC | International news | 2015 |
| Der Spiegel | German investigations | 2014 |
The full directory of all participating organizations is available at the SecureDrop directory .onion address above and at securedrop.org/directory on the clearnet.
SecureDrop vs. Other Whistleblower Channels
| Channel | Anonymity | Encryption | Two-way communication |
|---|---|---|---|
| SecureDrop | ✅ Strong | ✅ End-to-end | ✅ Via codename |
| Email (ProtonMail) | ⚠️ Moderate | ✅ Between ProtonMail users | ✅ Yes |
| Signal | ⚠️ Phone number required | ✅ End-to-end | ✅ Yes |
| Regular email | ❌ None | ❌ None by default | ✅ Yes |
| Phone tip line | ❌ Phone number logged | ❌ None | ✅ Yes |
SecureDrop’s History
SecureDrop was originally created by Aaron Swartz and journalist Kevin Poulsen in 2012 under the name DeadDrop. After Swartz’s death in January 2013, the project was taken over by the Freedom of the Press Foundation and renamed SecureDrop. The first production deployment was at The New Yorker in May 2013.
Since then it has become the industry standard for anonymous source communication in journalism. Its open-source codebase has been audited multiple times by independent security researchers, and the Freedom of the Press Foundation actively maintains and updates it — version 2.12.0 was released in March 2025 with Ubuntu 24.04 support.
Operational Security Checklist for Sources
- ✅ Use Tor Browser — not a regular browser or VPN
- ✅ Use Tails OS if possible — boots from USB, leaves no trace
- ✅ Strip metadata from all files before uploading
- ✅ Write down your codename on paper — do not store it digitally
- ✅ Do not access SecureDrop from your work device or work network
- ✅ Do not discuss your submission with anyone who does not need to know
- ✅ Check back regularly using your codename — journalists may have follow-up questions
- ❌ Do not use a device or network associated with your real identity
- ❌ Do not include identifying information in your message unless necessary
- ❌ Do not upload files that contain your name, username or organization in metadata
Frequently Asked Questions
Is SecureDrop truly anonymous?
SecureDrop provides strong anonymity at the network level — your IP address is hidden from the newsroom’s server through Tor routing. It does not protect against metadata in submitted files, identifying details in message content or physical surveillance. Used correctly — with Tails OS, stripped metadata and no identifying information in messages — it is the strongest available tool for source-journalist communication.
Can I use SecureDrop from my regular computer?
Yes, but the Freedom of the Press Foundation recommends using Tails OS for high-stakes submissions. Tails boots from a USB drive, routes all traffic through Tor and leaves no forensic trace on the host computer. For lower-stakes contact, Tor Browser on a regular computer is sufficient — but ensure the device is not managed by an employer and the network is not monitored.
What happens after I submit documents?
The newsroom receives your submission and a journalist reviews it. They may respond with questions or acknowledgment using the two-way messaging system. Log back in using your codename periodically — response times vary from hours to weeks depending on the organization and the nature of the submission.
Can law enforcement compel a newsroom to reveal my identity?
SecureDrop is designed so that newsrooms cannot reveal what they do not have. They do not have your IP address, your name or any account data. What they have is the content of your submission and any messages exchanged. Strong legal protections for journalist sources exist in most democracies — consult a lawyer if you have specific concerns about your jurisdiction.
What if the newsroom I want to contact does not use SecureDrop?
Contact the newsroom directly to ask about their secure submission process. Many smaller organizations use Signal or encrypted email instead of SecureDrop. If no secure channel is available, ProtonMail via its .onion address is a reasonable fallback — significantly less secure than SecureDrop but substantially better than regular email.